Fabrice Fontaine
575c60ff9a
package/readline: add Signed-off-by and renumber patch
...
Add Signed-off-by and while at it, renumber it
Fixes:
- https://bugs.buildroot.org/show_bug.cgi?id=13731
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-04-11 20:04:11 +02:00
Bernd Kuhls
4eceaa242b
package/kodi-pvr-vuplus: bump version to 7.4.3-Matrix
...
Changelog:
https://github.com/kodi-pvr/pvr.vuplus/blob/Matrix/pvr.vuplus/changelog.txt
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-04-11 20:03:19 +02:00
Peter Korsgaard
535c65594c
package/i2c-tools: add upstream post-4.2 i2ctransfer fix
...
i2c-tools 4.2 contained an invalid check, leading to verbose false-positive
warning messages when the variable length ({r,w}?) option is used:
https://www.spinics.net/lists/linux-i2c/msg50032.html
https://www.spinics.net/lists/linux-i2c/msg50253.html
Unfortunately upstream does not make bugfix releases, instead opting to list
such bugfixes on the wiki:
https://i2c.wiki.kernel.org/index.php/I2C_Tools
So add the patch here.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Acked-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-04-11 11:36:55 +02:00
Peter Korsgaard
7aee27c2b9
package/clamav: security bump to version 0.103.2
...
Fixes the following security issues:
- CVE-2021-1386: Fix for UnRAR DLL load privilege escalation. Affects
0.103.1 and prior on Windows only.
- CVE-2021-1252: Fix for Excel XLM parser infinite loop. Affects 0.103.0
and 0.103.1 only.
- CVE-2021-1404: Fix for PDF parser buffer over-read; possible crash.
Affects 0.103.0 and 0.103.1 only.
- CVE-2021-1405: Fix for mail parser NULL-dereference crash. Affects
0.103.1 and prior.
- CVE-2021-27506: The ClamAV Engine (Version 0.103.1 and below) embedded in
Storsmshield Network Security (1.0 to 4.1.5) is subject to DoS in case of
parsing of malformed png files.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-04-10 18:39:56 +02:00
Fabrice Fontaine
68c7be9c28
package/isl: bump to version 0.23
...
Update indentation in hash file (two spaces)
https://repo.or.cz/isl.git/blob/8cec80451ea4f2f225629527b99ee2dc54ac2cad:/ChangeLog
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-04-10 10:31:27 +02:00
Fabrice Fontaine
44deddbf82
package/python-httplib2: add CPE variables
...
cpe:2.3🅰️ httplib2_project:httplib2 is a valid CPE identifier for this
package:
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Ahttplib2_project%3Ahttplib2
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-04-10 10:30:09 +02:00
Fabrice Fontaine
2050b4869d
package/python-httplib2: security bump to version 0.19.1
...
- Fix CVE-2021-21240: httplib2 is a comprehensive HTTP client library
for Python. In httplib2 before version 0.19.0, a malicious server
which responds with long series of "\xa0" characters in the
"www-authenticate" header may cause Denial of Service (CPU burn while
parsing header) of the httplib2 client accessing said server. This is
fixed in version 0.19.0 which contains a new implementation of auth
headers parsing using the pyparsing library.
- Fix CVE-2020-11078: In httplib2 before version 0.18.0, an attacker
controlling unescaped part of uri for `httplib2.Http.request()` could
change request headers and body, send additional hidden requests to
same server. This vulnerability impacts software that uses httplib2
with uri constructed by string concatenation, as opposed to proper
urllib building with escaping. This has been fixed in 0.18.0.
- Use LICENSE file instead of PKG-INFO
- pyparsing is a runtime dependency since version 0.19.0 and
bd9ee252c8
https://github.com/httplib2/httplib2/blob/v0.19.1/CHANGELOG
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-04-10 10:29:23 +02:00
Fabrice Fontaine
b27d514c7d
package/python-zeroconf: bump to version 0.29.0
...
Update indentation in hash file (two spaces)
https://github.com/jstasiak/python-zeroconf/tree/0.29.0#changelog
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-04-10 10:29:10 +02:00
Fabrice Fontaine
f90056070b
package/python-pyelftools: bump to version 0.27
...
Update indentation in hash file (two spaces)
https://github.com/eliben/pyelftools/blob/v0.27/CHANGES
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-04-10 10:28:57 +02:00
Fabrice Fontaine
16770c8cb9
package/sysdig: add SYSDIG_CPE_ID_VENDOR
...
cpe:2.3🅰️ sysdig:sysdig is a valid CPE identifier for this package:
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Asysdig%3Asysdig
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-04-10 10:28:41 +02:00
Fabrice Fontaine
6db751e1e1
package/network-manager: bump to version 1.22.16
...
Notice: This fixes a security issue, but in code not used in Buildroot:
ifcfg-rh: handle "802-1x.{,phase2-}ca-path". Otherwise setting this
property silently fails and a profile might accidentally not perform
any authentication (CVE-2020-10754).
Update indentation in hash file (two spaces)
https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/blob/1.22.16/NEWS
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
[Peter: Clarify that security issue isn't applicable to Buildroot]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-04-09 23:29:05 +02:00
Fabrice Fontaine
6aa602e783
package/x11r7/xdriver_xf86-video-ati: add missing dependency
...
Fix the following build failure which is raised since commit
a3aac6d847
:
WARNING: unmet direct dependencies detected for BR2_PACKAGE_MESA3D_DRI_DRIVER_RADEON
Depends on [n]: BR2_PACKAGE_MESA3D [=y] && (BR2_i386 [=n] || BR2_x86_64 [=n])
Selected by [y]:
- BR2_PACKAGE_XDRIVER_XF86_VIDEO_ATI [=y] && BR2_PACKAGE_XORG7 [=y] && BR2_PACKAGE_XSERVER_XORG_SERVER_MODULAR [=y] && BR2_PACKAGE_MESA3D [=y]
Fixes:
- http://autobuild.buildroot.org/results/36773085f933ab2ee558f53a6c0ae5365077ad5e
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-04-09 23:16:55 +02:00
Julien Olivain
7e02d2e762
package/fluidsynth: bump to version 2.2.0
...
For change log since v2.1.5, see:
- https://github.com/FluidSynth/fluidsynth/releases/tag/v2.1.6
- https://github.com/FluidSynth/fluidsynth/releases/tag/v2.1.7
- https://github.com/FluidSynth/fluidsynth/releases/tag/v2.1.8
- https://github.com/FluidSynth/fluidsynth/releases/tag/v2.2.0
./utils/test-pkg --package fluidsynth
6 builds, 2 skipped, 0 build failed, 0 legal-info failed
Signed-off-by: Julien Olivain <ju.o@free.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-04-09 23:15:19 +02:00
Bernd Kuhls
d69f1f7b32
package/libdrm: bump version to 2.4.105
...
Removed patch 0001, committed upstream:
https://cgit.freedesktop.org/mesa/drm/commit/?id=52f05d3d896480ee5431dcd444f53bb2a8e41cce
Renumbered remaining patch.
Updated license hash due to upstream commits:
https://cgit.freedesktop.org/mesa/drm/log/xf86drm.c
Release notes:
https://lists.freedesktop.org/archives/dri-devel/2021-April/302515.html
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-04-09 23:12:27 +02:00
John Keeping
eb8824ddc0
package/kexec: bump to version 2.0.21
...
https://lists.infradead.org/pipermail/kexec/2020-December/021835.html
Both patches were backports and are included in the 2.0.21 release so
they are deleted.
Signed-off-by: John Keeping <john@metanate.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-04-09 23:09:47 +02:00
Bernd Kuhls
e243ec75f3
package/ffmpeg: bump version to 4.4
...
Remove wavpack-related patch and configure options due to upstream
removal of wavpack support:
http://git.videolan.org/?p=ffmpeg.git;a=commit;h=45070eec4c089b06947f07e25cdb1bc8b2102553
Changelog:
http://git.videolan.org/?p=ffmpeg.git;a=blob;f=Changelog;;hb=refs/heads/release/4.4
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-04-09 22:53:50 +02:00
Bernd Kuhls
25135631d2
package/kodi-pvr-iptvsimple: bump version to 7.6.1-Matrix
...
Changelog:
https://github.com/kodi-pvr/pvr.iptvsimple/blob/Matrix/pvr.iptvsimple/changelog.txt
Upstream added a dependency to xz:
8f19dac9a5
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-04-09 22:46:18 +02:00
Bernd Kuhls
a70e5a708f
package/kodi-inputstream-ffmpegdirect: bump version to 1.20.1-Matrix
...
Changelog:
https://github.com/xbmc/inputstream.ffmpegdirect/blob/Matrix/inputstream.ffmpegdirect/changelog.txt
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-04-09 22:45:55 +02:00
Francois Perrad
8b65b4d60d
configs/mx6cubox: bump Linux and U-Boot versions
...
Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-04-09 21:22:40 +02:00
Fabrice Fontaine
b1ce058e45
package/attr: bump to version 2.5.1
...
Drop second patch (already in version)
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-04-09 21:22:18 +02:00
Fabrice Fontaine
a28e511cd7
package/acl: bump to version 2.3.1
...
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-04-09 21:21:48 +02:00
Fabrice Fontaine
678edb144b
package/acl: add ACL_CPE_ID_VENDOR
...
cpe:2.3🅰️ acl_project:acl is a valid CPE identifier for this package:
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Aacl_project%3Aacl
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-04-09 21:21:02 +02:00
Fabrice Fontaine
1feedcd845
package/openldap: bump to version 2.4.58
...
Drop fifth patch (already in version)
https://git.openldap.org/openldap/openldap/-/blob/OPENLDAP_REL_ENG_2_4_58/CHANGES
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-04-09 21:20:13 +02:00
Fabrice Fontaine
5f2d38df4f
package/bridge-utils: bump to version 1.7.1
...
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-04-09 21:19:34 +02:00
Bernd Kuhls
ad259f06cc
package/x11r7/xlib_libXaw: bump version to 1.0.14
...
Release notes:
https://lists.x.org/archives/xorg-announce/2021-March/003077.html
Reformatted hashes.
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-04-09 21:18:05 +02:00
Bernd Kuhls
248fdccce4
package/x11r7/xlib_libXres: bump version to 1.2.1
...
Release notes:
https://lists.x.org/archives/xorg-announce/2021-March/003078.html
Reformatted hashes.
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-04-09 21:17:56 +02:00
Bernd Kuhls
cff9e4bab0
package/x11r7/xdriver_xf86-input-libinput: bump version to 1.0.0
...
Release notes:
https://lists.x.org/archives/xorg-announce/2021-April/003079.html
Updated license hash due to upstream commit:
https://cgit.freedesktop.org/xorg/driver/xf86-input-libinput/commit/?id=2bbc4727a12471e3699e2803404a013656066a94
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-04-09 21:17:44 +02:00
Fabrice Fontaine
aaa96d7887
package/python-markdown2: add PYTHON_MARKDOWN2_CPE_ID_VENDOR
...
cpe:2.3🅰️ python-markdown2_project:python-markdown2 is a valid CPE
identifier for this package:
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Apython-markdown2_project%3Apython-markdown2
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-04-09 21:15:56 +02:00
Francois Perrad
22bb5c4e63
package/quickjs: bump to version 2021-03-27
...
- remove patch (merged upstream)
- file LICENSE added
Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-04-09 21:14:18 +02:00
Fabrice Fontaine
24e26793bc
package/network-manager-openvpn: bump to version 1.8.14
...
Update indentation in hash file (two spaces)
https://gitlab.gnome.org/GNOME/NetworkManager-openvpn/-/blob/1.8.14/NEWS
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-04-09 21:13:11 +02:00
Bernd Kuhls
15a2f9b819
package/{mesa3d, mesa3d-headers}: bump version to 21.0.2
...
Release notes:
21.0.0: https://lists.freedesktop.org/archives/mesa-announce/2021-March/000622.html
21.0.1: https://lists.freedesktop.org/archives/mesa-announce/2021-March/000624.html
21.0.2: https://lists.freedesktop.org/archives/mesa-announce/2021-April/000625.html
DRI swrast driver was removed:
https://cgit.freedesktop.org/mesa/mesa/commit/?h=21.0&id=435de835cd639d1b9bb96f81fc224771dc90af6d
OSMesa classic support was removed:
https://cgit.freedesktop.org/mesa/mesa/commit/?h=21.0&id=ee802372180a2b4460cc7abb53438e45c6b6f1e4
To avoid any conflict, and to show that the new OSMesa is Gallium-based,
we name the new option with a _GALLIUM suffix, even though this is now
the only OSMesa implementation left.
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
[yann.morin.1998@free.fr:
- rename the new option s/$/_GALLIUM/
- don't drop the the old (pre-classic) legacy option
- slightly reword the OSMesa help entry
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2021-04-07 23:24:25 +02:00
Bernd Kuhls
acd317d907
package/tor: do not install systemd service file
...
Upstream removed the sample service file for use with systemd:
https://gitweb.torproject.org/tor.git/commit/contrib?h=maint-0.4.5&id=915af1a65bc217fa33490876199bb69f760bea23
Fixes:
http://autobuild.buildroot.net/results/b80/b807f19283528b9f0d0c46250b660ea84695679c/
http://autobuild.buildroot.net/results/de4/de4f1a99b1c524b81579ee804156e26d3f8babe7/
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
2021-04-07 21:27:05 +02:00
Fabrice Fontaine
552ba842b7
package/iwd: bump to version 1.13
...
iwd fails to build since bump of ell to version 0.39 in commit
9988ca9ead
:
/home/buildroot/autobuild/run/instance-0/output-1/host/opt/ext-toolchain/bin/../lib/gcc/powerpc64-buildroot-linux-gnu/9.3.0/../../../../powerpc64-buildroot-linux-gnu/bin/ld: src/ie.o: in function `ie_parse_data_rates':
ie.c:(.text+0x23ac): undefined reference to `minsize'
This is fixed by
https://git.kernel.org/pub/scm/network/wireless/iwd.git/commit/?id=17cf4da72613e80d08d51401399d02683ba8664b
Use official iwd tarball which will contain ell/useful.h header
https://git.kernel.org/pub/scm/network/wireless/iwd.git/tree/ChangeLog?h=1.13
Fixes:
- http://autobuild.buildroot.org/results/44e243530cbcec1c88511bb22f5e8e4655c43824
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
2021-04-07 21:23:02 +02:00
Dick Olsson
09d3f13053
package/s6-rc: bump to version 0.5.2.1
...
Update license hash due to year change.
http://skarnet.org/cgi-bin/archive.cgi?1:mss:1515:mhcdpginfgieagphalne
Signed-off-by: Dick Olsson <hi@senzilla.io>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
2021-04-07 21:17:50 +02:00
Dick Olsson
e88edae046
package/s6-networking: bump to version 2.4.1.0
...
Update license hash due to year change.
http://skarnet.org/cgi-bin/archive.cgi?1:mss:1535:lpehbljhhcpaopbnkkbf
Signed-off-by: Dick Olsson <hi@senzilla.io>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
2021-04-07 21:17:29 +02:00
Dick Olsson
b14b2844f7
package/s6-dns: bump to version 2.3.5.0
...
Update license hash due to year change.
Refer to the change set described for s6-networking in the announcement:
http://skarnet.org/cgi-bin/archive.cgi?1:mss:1535:lpehbljhhcpaopbnkkbf
Signed-off-by: Dick Olsson <hi@senzilla.io>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
2021-04-07 21:16:20 +02:00
Dick Olsson
6d49b14165
package/s6-linux-utils: bump to version 2.5.1.4
...
Update license hash due to year change.
http://skarnet.org/cgi-bin/archive.cgi?1:mss:1515:mhcdpginfgieagphalne
Signed-off-by: Dick Olsson <hi@senzilla.io>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
2021-04-07 21:15:15 +02:00
Dick Olsson
4376edb2d0
package/s6-portable-utils: bump to version 2.2.3.1
...
Update license hash due to year change.
http://skarnet.org/cgi-bin/archive.cgi?1:mss:1515:mhcdpginfgieagphalne
Signed-off-by: Dick Olsson <hi@senzilla.io>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
2021-04-07 21:14:42 +02:00
Dick Olsson
7f552c710f
package/s6: bump to version 2.10.0.2
...
Update license hash due to year change.
http://skarnet.org/cgi-bin/archive.cgi?1:mss:1535:lpehbljhhcpaopbnkkbf
Signed-off-by: Dick Olsson <hi@senzilla.io>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
2021-04-07 21:13:54 +02:00
Dick Olsson
86f7634baf
package/execline: Fix license hash after bump to version 2.8.0.0
...
Updated license hash due to year change.
Commit bf66772c9b
was accidentally based
on v1 of this patch.
Signed-off-by: Dick Olsson <hi@senzilla.io>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
2021-04-07 21:13:03 +02:00
Dick Olsson
965bf9e0ca
package/skalibs: Fix license hash after bump to version 2.10.0.2
...
Updated license hash due to year change.
Commit 4d5587cb56
was accidentally based
on v1 of this patch.
Signed-off-by: Dick Olsson <hi@senzilla.io>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
2021-04-07 21:11:26 +02:00
Peter Seiderer
097da083b1
package/valgrind: fix musl compile
...
The file musl.supp is missing from the download source package, add a
patch deviated from reduced upstream commit ([1]) re-adding the missing file.
Fixes:
- http://autobuild.buildroot.net/results/b106be44d6e7d82a4e3ad16c995366a46d39ee3c
make[1]: *** No rule to make target 'musl.supp', needed by 'default.supp'. Stop.
[1] https://sourceware.org/git/?p=valgrind.git;a=patch;h=f4d98ff79d5a79102b777ea7e23002d9f7326489
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
2021-04-07 21:07:37 +02:00
Dick Olsson
39763ca74e
DEVELOPERS: Add Dick Olsson for all skarnet and s6 packages
...
Signed-off-by: Dick Olsson <hi@senzilla.io>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
2021-04-07 20:46:30 +02:00
Bernd Kuhls
47b1bbd2f4
package/kodi-pvr-iptvsimple: bump version to 7.6.0-Matrix
...
Release notes:
https://github.com/kodi-pvr/pvr.iptvsimple/releases/tag/7.6.0-Matrix
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
2021-04-07 20:43:30 +02:00
Peter Korsgaard
3eadd76740
package/avahi: ignore CVE-2021-26720
...
CVE-2021-26720 is an issue in avahi-daemon-check-dns.sh, which is part of
the Debian packaging and not part of upstream avahi - So ignore the CVE.
https://security-tracker.debian.org/tracker/CVE-2021-26720
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
2021-04-07 20:41:14 +02:00
Dick Olsson
bf66772c9b
package/execline: bump to version 2.8.0.0
...
http://skarnet.org/cgi-bin/archive.cgi?1:mss:1535:lpehbljhhcpaopbnkkbf
Signed-off-by: Dick Olsson <hi@senzilla.io>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
2021-04-07 20:41:09 +02:00
Dick Olsson
4d5587cb56
package/skalibs: bump to version 2.10.0.2
...
- Drop patch that has been included upstream
http://skarnet.org/cgi-bin/archive.cgi?1:mss:1535:lpehbljhhcpaopbnkkbf
Signed-off-by: Dick Olsson <hi@senzilla.io>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
2021-04-07 20:41:09 +02:00
Peter Korsgaard
168bb8c336
docs/website: update for 2021.02.1
...
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-04-07 13:37:12 +02:00
Peter Korsgaard
a74cb089cb
Update for 2021.02.1
...
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit bb10b0dfe6
)
[Peter: drop Makefile change]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-04-07 13:34:27 +02:00
Peter Korsgaard
0918d2bf2d
package/nodejs: security bump to version 12.22.1
...
Fixes the following security issues:
CVE-2020-7774: npm upgrade to 6.14.12 - Update y18n to fix
Prototype-Pollution (High)
This is a vulnerability in the y18n npm module which may be exploited by
prototype pollution.
https://github.com/advisories/GHSA-c4w7-xm78-47vh
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-04-07 11:21:12 +02:00